(1) Lab environment

Two CentOS 7 machines:
youxi1  192.168.1.6
youxi2  192.168.1.7

The firewall is disabled for this experiment. If the firewall is enabled, add the ssh ports to the firewall rules.

(2) Goal

With the ssh port changed away from 22, and set differently on each host, configure one-way or two-way passwordless login.

(3) Procedure

First change the port on both servers: open /etc/ssh/sshd_config with vim and find the following line:
#Port 22

Remove the leading # and change 22 to the port number you want. Here I set youxi1's ssh port to 2890 and youxi2's to 2891. Then restart the service with systemctl restart sshd, and confirm the port with netstat -tlunp | grep sshd (install net-tools if netstat is not present).

[root@youxi1 Packages]# netstat -tlunp | grep sshd    //youxi1
tcp        0      0 0.0.0.0:2890            0.0.0.0:*               LISTEN      9953/sshd
tcp6       0      0 :::2890                 :::*                    LISTEN      9953/sshd
[root@youxi2 ~]# netstat -tlunp | grep sshd    //youxi2
tcp        0      0 0.0.0.0:2891            0.0.0.0:*               LISTEN      17526/sshd
tcp6       0      0 :::2891                 :::*                    LISTEN      17526/sshd
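A small check that automates the two steps above (reading the Port directive from sshd_config and confirming that sshd is the process bound to it) is shown here as an added example; it is not part of the original post. The config path, the netstat line and the sample config built in demo() are constructed for the illustration, and the listing check expects netstat -tlunp output, not ss output.

```shell
#!/bin/sh
# Added example, not from the original post: read the Port directives an
# sshd_config file actually enables and check a captured netstat listing for
# an sshd socket on a given port. Paths and sample data are constructed.

# Print every port sshd will bind according to the config file given as $1:
# each uncommented "Port N" line counts (sshd accepts several), and with no
# such line OpenSSH falls back to 22. A "#Port 22" line left commented, as in
# a fresh install, is ignored, which is the mistake this check catches.
sshd_config_ports() {
    ports=$(sed -n 's/^[[:space:]]*[Pp][Oo][Rr][Tt][[:space:]]\{1,\}\([0-9]\{1,\}\).*$/\1/p' "$1")
    [ -n "$ports" ] || ports=22
    printf '%s\n' "$ports"
}

# Read "netstat -tlunp" output on stdin and return 0 if sshd is listening on
# TCP port $1 (IPv4 or IPv6), 1 otherwise. Matching the process name guards
# against a different daemon having taken the port.
sshd_listening_on() {
    grep -E "^tcp6?[[:space:]].*:$1[[:space:]].*LISTEN[[:space:]].*/sshd" >/dev/null
}

# Demonstration on a constructed sshd_config and a constructed netstat line.
demo() {
    cfg=$(mktemp)
    printf '#Port 22\n#AddressFamily any\nPort 2890\n' > "$cfg"
    echo "configured ports: $(sshd_config_ports "$cfg")"
    rm -f "$cfg"
    sample='tcp        0      0 0.0.0.0:2890            0.0.0.0:*               LISTEN      9953/sshd'
    if printf '%s\n' "$sample" | sshd_listening_on 2890; then
        echo "sshd is listening on 2890"
    else
        echo "sshd is NOT listening on 2890"
    fi
}

demo
```

On a live host you would run `netstat -tlunp | sshd_listening_on 2890` after the restart. If the port is configured but nothing is listening, the two usual causes on CentOS 7 are firewalld (open it with firewall-cmd --permanent --add-port=2890/tcp and firewall-cmd --reload) and SELinux in enforcing mode, which stops sshd from binding a non-standard port until that port is labelled with semanage port -a -t ssh_port_t -p tcp 2890.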
1) One-way passwordless login

youxi1 can ssh to youxi2 without a password, but youxi2 still needs a password to ssh to youxi1.

On youxi1, generate a key pair with ssh-keygen (the default rsa type is used here); accept the defaults all the way through.

[root@youxi1 ~]# ssh-keygen -t rsa    //rsa is the default, so -t rsa can be omitted
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):    //if no path was given on the command line, one can also be entered here
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ia+le9ZX3cAxztmIINJbWnEGrK9lq4lY4pYNevgqecM root@youxi1
The key's randomart image is:
+---[RSA 2048]----+
| . .ooo          |
| . o =o o        |
| . B . = *       |
| .+. . B .       |
| . S. o.         |
| . . + . o       |
| o o.+. o= . .   |
|o E.++.=+.o .    |
| o.*+ =+o. .     |
+----[SHA256]-----+

When no path is specified, the keys are written to the .ssh/ directory under the home directory. With rsa, two files are generated, id_rsa and id_rsa.pub; with dsa they would be id_dsa and id_dsa.pub.

[root@youxi1 ~]# ls /root/.ssh/
id_rsa  id_rsa.pub

Next, send the public key to youxi2 with ssh-copy-id:

[root@youxi1 ~]# ssh-copy-id -i .ssh/id_rsa.pub -p2891 root@192.168.1.7    //-p specifies the port of the server being logged into
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host '[192.168.1.7]:2891 ([192.168.1.7]:2891)' can't be established.
ECDSA key fingerprint is SHA256:j3ee8eoTo2XEv0QxCYmxphMipcNRxC+IONPmt1HwRLg.
ECDSA key fingerprint is MD5:25:e2:b4:08:f2:79:7d:6e:42:84:b5:78:3d:6a:81:20.
Are you sure you want to continue connecting (yes/no)? yes    //type yes to continue
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.1.7's password:    //enter the password of the root user on 192.168.1.7
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -p '2891' 'root@192.168.1.7'"
and check to make sure that only the key(s) you wanted were added.

After the public key has been copied, a .ssh/known_hosts file is created locally, but it does not take effect. On youxi2, a .ssh directory containing an authorized_keys file is created under root's home directory.

[root@youxi1 ~]# ls .ssh/
authorized_keys

At this point the id_rsa.pub file on youxi1 has the same content as the authorized_keys file on youxi2.

Finally, test it: ssh from youxi1 to youxi2 and no password is required.

[root@youxi1 ~]# ssh -p 2891 root@192.168.1.7
Last login: Sun May 12 17:46:49 2019 from youxi1.cn
[root@youxi2 ~]# ls .ssh/
authorized_keys

or

[root@youxi1 ~]# ssh root@192.168.1.7

Note: it is the public key generated on the local machine that is sent to the server being logged into, and the port of that server must be given both when sending the key and when connecting to it.
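The post checks the result by eye: authorized_keys on youxi2 should hold the same key as id_rsa.pub on youxi1, and login should then succeed. The following added example, which is not part of the original post, does that comparison in a script, adds the file-mode check that sshd performs before it will accept a key, and prints the client-side Host stanza that avoids typing -p on every connection. All paths, host names and key strings in it are constructed; they are not real key material.

```shell
#!/bin/sh
# Added example, not from the original post: check that a public key is
# installed in an authorized_keys file the way ssh-copy-id leaves it, that the
# file modes will pass sshd's StrictModes check, and emit the ~/.ssh/config
# stanza for a non-standard port. All names and keys here are constructed.

# Return 0 if the key in the id_rsa.pub-style file $1 appears in the
# authorized_keys file $2. Only the key type and base64 blob are compared: the
# trailing "user@host" comment is free-form, and a line may carry options such
# as from="..." in front of the key, so every field is scanned.
key_is_authorized() {
    want=$(awk 'NR == 1 { print $1, $2 }' "$1")
    awk -v want="$want" '
        /^[[:space:]]*(#|$)/ { next }        # skip comments and blank lines
        { for (i = 1; i < NF; i++)
              if ($i ~ /^(ssh-|ecdsa-|sk-)/ && ($i " " $(i + 1)) == want) { found = 1; exit } }
        END { if (found) exit 0; exit 1 }' "$2"
}

# Return 0 when $1 is writable neither by group nor by others. With the
# default StrictModes yes, sshd silently ignores key authentication when
# ~/.ssh or authorized_keys is group- or world-writable, which is the most
# common reason a freshly copied key still prompts for a password.
not_group_or_world_writable() {
    case "$(ls -ld "$1" | cut -c1-10)" in
        ?????w*|????????w?) return 1 ;;
    esac
    return 0
}

# Print a client-side Host stanza: with this in ~/.ssh/config, "ssh $1"
# connects to $2 on port $3 as user $4 without repeating -p every time.
client_host_entry() {
    printf 'Host %s\n    HostName %s\n    Port %s\n    User %s\n' "$1" "$2" "$3" "$4"
}

# Demonstration on constructed files in a temporary directory.
demo() {
    d=$(mktemp -d)
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDconstructedkey root@youxi1\n' > "$d/id_rsa.pub"
    printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructed other@host\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDconstructedkey root@youxi1\n' > "$d/authorized_keys"
    chmod 600 "$d/authorized_keys"
    key_is_authorized "$d/id_rsa.pub" "$d/authorized_keys" && echo "key is installed"
    not_group_or_world_writable "$d/authorized_keys" && echo "file modes are acceptable"
    client_host_entry youxi2 192.168.1.7 2891 root
    rm -rf "$d"
}

demo
```

On the real hosts you would copy id_rsa.pub from youxi1 next to youxi2's authorized_keys (or run the check over ssh) and pass /root/.ssh as well as /root/.ssh/authorized_keys to the mode check. When key login still fails after these pass, ssh -v -p 2891 root@192.168.1.7 on the client and /var/log/secure on the server show which step sshd rejected.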
2) Two-way passwordless login

Two-way passwordless login is simply exchanging public keys. Continuing from the above, send youxi2's public key to youxi1 and test.

[root@youxi2 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:9+woxNPvkE99zGUEZNcI+DJaUUIZXXMKb7k/Y6kPiJU root@youxi2
The key's randomart image is:
+---[RSA 2048]----+
|         .+*++*.+|
|         +..+.B. |
|          o = .  |
|         + o. o  |
|        .S+.E . o|
|       =.++.. =o |
|      . ooo+..== |
|       . *. +.o  |
|       ...+...   |
+----[SHA256]-----+
[root@youxi2 ~]# ssh-copy-id -i .ssh/id_rsa.pub -p2890 root@192.168.1.6
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host '[192.168.1.6]:2890 ([192.168.1.6]:2890)' can't be established.
ECDSA key fingerprint is SHA256:j3ee8eoTo2XEv0QxCYmxphMipcNRxC+IONPmt1HwRLg.
ECDSA key fingerprint is MD5:25:e2:b4:08:f2:79:7d:6e:42:84:b5:78:3d:6a:81:20.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.1.6's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -p '2890' 'root@192.168.1.6'"
and check to make sure that only the key(s) you wanted were added.
[root@youxi2 ~]# ssh -p 2890 root@192.168.1.6
Last login: Sun May 12 17:24:54 2019 from youxi2.cn
[root@youxi1 ~]#